lynndylanhurley / devise_token_auth

Token based authentication for Rails JSON APIs. Designed to work with jToker and ng-token-auth.
Do What The F*ck You Want To Public License

Token should not be created if a user already has a token. Following is the create method of DeviseTokenAuth #1556

Open muhammadans414414 opened 2 years ago

muhammadans414414 commented 2 years ago
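 # Authenticates a resource by one of its authentication keys plus a password
 # and, on success, issues a token and renders the success response.
 #
 # Outcomes visible in this action:
 # * known, active resource with a valid password -> token created, signed in,
 #   +render_create_success+
 # * known, active resource with a wrong password -> +render_create_error_bad_credentials+
 # * known but inactive resource -> account-locked or not-confirmed error
 # * anything else -> +render_create_error_bad_credentials+
 #
 # Yields the authenticated resource to an optional block before rendering.
 #
 # Breakpoints (+debugger+) do not belong in this action: a breakpoint in the
 # login path stalls the request and, where a debug session is attachable,
 # hands out an interactive console in the middle of authentication.
 def create
   # First submitted parameter that is also a configured authentication key.
   field = (resource_params.keys.map(&:to_sym) & resource_class.authentication_keys).first

   @resource = nil
   if field
     field_value = get_case_insensitive_field_from_resource_params(field)
     @resource = find_resource(field, field_value)
   end

   if @resource && valid_params?(field, field_value) && @resource.active_for_authentication?
     valid_password = @resource.valid_password?(resource_params[:password])

     # The password result is passed as a block so the model can react to a
     # failed attempt (presumably Devise's lockable counter; confirm against
     # the model). A wrong password is rejected even when the model does not
     # implement valid_for_authentication?.
     if (@resource.respond_to?(:valid_for_authentication?) && !@resource.valid_for_authentication? { valid_password }) || !valid_password
       return render_create_error_bad_credentials
     end

     # A new token is minted on every successful login; this action never
     # checks whether the resource already holds one. Whether older tokens are
     # pruned depends on create_token, which is not shown here.
     @token = @resource.create_token
     # NOTE(review): the result of save is ignored, so a failed save still
     # falls through to sign_in and the success response.
     @resource.save
     sign_in(:user, @resource, store: false, bypass: false)

     yield @resource if block_given?

     render_create_success
   elsif @resource && !(@resource.active_for_authentication?)
     # NOTE(review): this branch is reached without a password check, so the
     # locked / not-confirmed responses distinguish an existing identifier from
     # an unknown one. Consider the generic bad-credentials response if account
     # enumeration matters for this API.
     if @resource.respond_to?(:locked_at) && @resource.locked_at
       render_create_error_account_locked
     else
       render_create_error_not_confirmed
     end
   else
     render_create_error_bad_credentials
   end
 end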